An Analyst View of Gartner Security & Risk Management Summit 2023

GARTNER SECURITY & RISK MANAGEMENT SUMMIT 2023 — National Harbor, Md. — At the opening keynote for the Gartner Security & Risk Management Summit 2023, Gartner distinguished VP analyst Leigh McMullen and senior director analyst Henrique Teixeira emphasized that cybersecurity can generate massive value for enterprises. However, professionals in this field must be willing to challenge misconceptions and move beyond obsolete practices.

This keynote discussed the importance of adopting a minimum effective mindset across business engagement, technology, and talent. This approach refers to the input, not the outcome, with a deliberate, ROI-driven strategy to lead cybersecurity into the future.

McMullen and Teixeira took aim at four prevalent myths in the cybersecurity field:

Gene Alvarez, a distinguished VP analyst at Gartner, presented another keynote on the metaverse and digital twins — concepts that will become increasingly important as our thinking about identity management evolves.

In another session, Katell Thielemann, distinguished VP analyst at Gartner, presented on the current CIO and CEO agenda. She highlighted the top priorities of executive leaders and the implications for security. According to Thielemann, boards are willing to increase risks but want results, and CEOs want tangible growth from digital investments. CIOs, on the other hand, need to deliver outcomes by prioritizing the right digital initiatives. She emphasized that CISOs need to adopt a more rigorous approach to prioritizing security resources due to the accelerated enterprise demand for information security expertise caused by digitization.

Walking the vendor floor, I saw many solutions aimed at very familiar use cases, and I heard attendees comment how so many products appeared to replicate solutions to the same problems. Of course, many of the leading sector vendors were there, covering email and messaging security and endpoint protection. Some interesting vendors were taking a fresh look at secure browsers, which for a long time lacked effective enterprise controls despite being a key plank in the endpoint security posture. I must admit that I was somewhat relieved that no one tried to explain to me how GenAI was the source of, or the solution to, all of life's problems.